CN105447406B - A kind of method and apparatus for accessing memory space - Google Patents
Publication number: CN105447406B (application CN201510760585.1A)
Authority: CN (China)
Prior art keywords: secure, storage space, access, environment, security
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications (CPC)
- G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity (G Physics; G06 Computing, calculating or counting; G06F Electric digital data processing)
- G06F21/60 Protecting data; G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules; G06F21/6218 Protecting access to a system of files or objects, e.g. local or distributed file system or database; G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
- G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; G06F21/55 Detecting local intrusion or implementing counter-measures; G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer; G06F21/78 Protecting such components to assure secure storage of data
Abstract
The invention discloses a method and an apparatus for accessing a storage space, which can improve the security of private data stored in a terminal. The method is applied in a terminal configured with a storage space, where the operating environment of the terminal's operating system includes a secure environment and a non-secure environment, and the method includes: determining, according to indication information pre-stored in the storage space, that the storage space is a secure storage space, the indication information being used to indicate the security attribute of the storage space; prohibiting registration of the secure storage space in the device registry of the non-secure environment; and accessing the secure storage space according to an access request sent by a trusted application (TA) running in the secure environment. The apparatus includes a determining module, a registration module and an access module, which are configured to execute the above method.
Description
Technical Field
The embodiments of the invention relate to the field of communications, and in particular to a method and an apparatus for accessing a storage space.
Background
With the development of mobile terminals such as mobile phones and tablet computers, the storage of private data such as fingerprints and payment instruments has become an important concern. In current mobile terminals, the storage areas that hold security information are all exposed at the device level of the mobile terminal, so access to these storage areas takes place in a non-secure operating environment; the key used during access and the private data being accessed can then be stolen or damaged by an attacker, the user's private data is leaked, and the user suffers great loss.
Therefore, the security of the storage space in current mobile terminals needs to be improved.
Disclosure of Invention
The embodiment of the invention provides a method and a device for accessing a storage space, which can improve the security of private data storage in a terminal.
In a first aspect, a method for accessing a storage space is provided. The method is applied in a terminal configured with the storage space, where the operating environment of the operating system of the terminal includes a secure environment and a non-secure environment, and the method includes: determining, according to indication information pre-stored in the storage space, that the storage space is a secure storage space, where the indication information is used to indicate the security attribute of the storage space; prohibiting registration of the secure storage space in the device registry of the non-secure environment; and accessing the secure storage space according to an access request sent by a trusted application (TA) running in the secure environment.
With reference to the first aspect, in a first possible implementation of the first aspect, a key parameter is obtained in the secure environment according to the access request sent by the TA running in the secure environment; an access key is generated in the secure environment according to the key parameter; according to the access key, a security service program is invoked in the secure environment to perform permission verification on the TA, so as to determine whether the TA has permission to access the secure storage space; and when the TA is determined to have permission to access the secure storage space, the security service program is invoked to access the secure storage space in the secure environment according to the access request. Because the access key is obtained in the secure environment through the security service program and the permission verification is also carried out in the secure environment, the possibility that the access key leaks is minimized, and the security of private data stored in the secure storage space is further improved.
With reference to the first aspect and the foregoing implementation of the first aspect, in a second possible implementation of the first aspect, the method further includes: prohibiting the device information of the secure storage space from being registered under the system directory of the non-secure environment, where the device information includes storage capacity information or storage block count information. Because the device information of the secure storage space cannot be obtained in the non-secure environment, the possibility that the secure storage space is discovered and damaged by an attacker is further reduced, and the security of private data stored in the secure storage space is improved.
With reference to the first aspect and the foregoing implementation manner, in a third possible implementation manner of the first aspect, the terminal is configured with a memory chip, where the memory chip includes the secure memory space and a non-secure memory space registered in the non-secure environment, and the non-secure memory space is accessed in the non-secure environment by a non-secure access driver, and the method further includes: allocating a first mutual exclusion lock to the non-secure access driver, wherein the first mutual exclusion lock is used for refusing the secure service program to access the secure storage space when the non-secure access driver accesses the non-secure storage space; and allocating a second mutual exclusion lock for the security service program, wherein the second mutual exclusion lock is used for refusing the non-security access driver to access the non-security storage space when the security service program accesses the security storage space.
With reference to the first aspect and the foregoing implementations of the first aspect, in a fourth possible implementation of the first aspect, the secure environment includes a Trusted Execution Environment or ARM Trusted Firmware, and the non-secure environment includes a Rich Execution Environment.
In a second aspect, an apparatus for accessing a storage space is provided. The apparatus is configured with the storage space, the operating environment of the operating system of the apparatus includes a secure environment and a non-secure environment, and the apparatus comprises a determining module, a registration module and an access module, which are respectively configured to execute the method of the first aspect.
In a third aspect, a device for accessing a storage space is provided. The device is configured with the storage space, the operating environment of the operating system of the device includes a secure environment and a non-secure environment, and the device comprises a receiver, a processor, a transmitter, a memory and a bus system. The receiver, the processor, the transmitter and the memory are connected through the bus system; the memory is used to store instructions, and the processor is used to execute the instructions stored in the memory so as to control the receiver to receive signals and the transmitter to transmit signals. The processor is specifically configured to perform the method of the first aspect.
According to the method and the apparatus for accessing a storage space, whether the storage space is a secure storage space is determined from the indication information pre-stored in the storage space, and the secure storage space is prohibited from being registered in the non-secure environment, so that it cannot be accessed there; the secure storage space is instead accessed in the secure environment according to the access request sent by the trusted application running in the secure environment. This prevents an attacker from accessing the secure storage space through malicious software in the non-secure environment, avoids leakage or damage of private data, and improves the security of private data storage in the terminal.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the embodiments are briefly described below. It is obvious that the drawings described below show only some embodiments of the present invention, and that those skilled in the art could obtain other drawings from them without creative effort.
Fig. 1 is a schematic view of a scenario of a method for accessing a storage space, which is suitable for an embodiment of the present invention.
Fig. 2 is a schematic diagram of a method for accessing a memory space according to an embodiment of the present invention.
FIG. 3 is another schematic flow chart diagram of a method for accessing a memory space according to an embodiment of the present invention.
Fig. 4 is a schematic block diagram of an apparatus for accessing a memory space according to an embodiment of the present invention.
Fig. 5 is a schematic block diagram of an apparatus for accessing a memory space according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be understood that, in the embodiments of the present invention, a terminal may also be referred to as user equipment (UE), a mobile station (MS), a mobile terminal (MT) or the like. The terminal may communicate with one or more core networks via a radio access network (RAN); for example, the terminal may be a mobile phone (or cellular phone) or a computer with a mobile terminal, and it may also be a portable, pocket-sized, hand-held, computer-embedded or vehicle-mounted mobile device; these exchange voice and/or data with the RAN.
For ease of understanding, an application scenario of the method for accessing a storage space applicable to the embodiments of the present invention is briefly described below with reference to fig. 1. As shown in fig. 1, the terminal 10 is a terminal supporting the TrustZone security extension technology provided by ARM (Advanced RISC Machine); the operating environments of the system in the terminal 10 include a Trusted Execution Environment (TEE) 11 and a Rich Execution Environment (REE) 12, and the secure storage space 13 may be exposed in the TEE 11 or the REE 12, or in both.
It should be noted that the TrustZone technology introduces a secure environment by extending the hardware design of the central processing unit (CPU) and the memory subsystem in the terminal. The secure environment is isolated from the non-secure environment in hardware, and communication between the two is realized through the monitor mode. The secure area may contain secure memory, cryptographic blocks, the keyboard, the screen and similar peripherals, so as to protect them against software attacks.
In the embodiments of the present invention, the TEE is an example of a secure environment and the REE is an example of a non-secure environment. The TEE may also be referred to as the "secure world" or the secure operating system (OS), i.e. an environment in which applications run; correspondingly, the REE may be referred to as the "normal world" or the non-secure OS. The TEE and the REE are two operating environments running on the same processor at the same time. Information or data in the REE may be stolen or damaged by an attacker, that is, the security of information and data in the REE is not high. Compared with the REE, the TEE is an independent and secure operating environment that runs in the background of the system and is not visible to ordinary users, so the resources in the TEE can be protected from malicious software and can resist various types of security threats. Therefore, the TEE can effectively ensure the security of information and data: information or data in the TEE cannot be obtained or tampered with by an attacker, and the hardware and software of the terminal jointly guarantee the security of the TEE.
It should be understood that the above-listed terminal, REE and TEE of ARM TrustZone technology are exemplary illustrations, and should not be construed as limiting the invention in any way. All terminals with operating systems having two operating environments, namely a secure environment and a non-secure environment, are suitable for the technical solution of the present invention, and all technical solutions that utilize the method for accessing a storage space of the present invention to improve the security of the secure storage space fall within the protection scope of the present invention.
In the embodiments of the present invention, the secure storage space 13 is used to store keys and sensitive data of the system, or the user's private data, for example a user fingerprint, an Alipay password, a WeChat Pay password and an identification number. Specifically, the secure storage space 13 may be an independent storage device, a storage space within a storage device, or a storage partition; for example, the storage device 14 includes the secure storage space 13 and the non-secure storage space 15, and the two may be independent of each other.
By way of example and not limitation, the secure storage space 13 may be a Replay Protected Memory Block (RPMB) or RPMB partition, and the non-secure storage space 15 may be a User partition, where the RPMB partition and the User partition are two independent partitions of an embedded multimedia card (eMMC).
It should be understood that the eMMC chip, RPMB partition and User partition listed above are only examples and should not limit the present invention; all storage spaces that can be configured in a terminal having secure and non-secure operating environments and are applicable to the embodiments fall within the protection scope of the present invention.
It should also be understood that the scenario shown in fig. 1 is for better understanding of the embodiments of the present invention by those skilled in the art, and the present invention should not be limited thereto. It will be apparent to those skilled in the art from the example given in figure 1 that various equivalent modifications or variations are possible, and such modifications or variations are also within the scope of the embodiments of the invention.
Hereinafter, for convenience of understanding, the method for accessing the storage space according to an embodiment of the present invention is described in detail with reference to fig. 2 to 4 by taking an RPMB and two execution environments, namely, an REE and a TEE, as examples.
FIG. 2 shows a schematic flow chart of a method 200 for accessing a memory space according to an embodiment of the present invention. The method 200 may be performed by a terminal, as shown in fig. 2, the method 200 including:
S210, determining the storage space as a secure storage space according to indication information pre-stored in the storage space, where the indication information is used to indicate the security attribute of the storage space;
S220, prohibiting registration of the secure storage space in the device registry of the non-secure environment;
S230, accessing the secure storage space according to an access request sent by the trusted application TA running in the secure environment.
In the embodiment of the present invention, the storage space is a storage space configured in a terminal, the terminal may be the terminal 10 shown in fig. 1, the storage space may be a secure storage space 13 shown in fig. 1, and the insecure environment may be the REE 12 shown in fig. 1.
In S210, the terminal may obtain the security attribute of the storage space from the indication information pre-stored in the storage space. Specifically, since the storage space may be an independent storage device or a partition in a storage device, the device information of the storage device is pre-stored in a register of the storage device when it leaves the factory, and this device information includes items such as the name, the capacity and the security attribute of the storage device (including each partition in the storage device).
In the embodiments of the present invention, the indication information may be carried in the device information pre-stored in the register. For example, the indication information may be carried in a certain predetermined bit or a certain predetermined field, and it may be used to indicate the security attribute of the storage space.
For example, when the preset bit is "0", the storage space has the non-secure attribute; when the preset bit is "1" (or not "0"), the storage space has the secure attribute.
Alternatively, the security attribute of the storage space may be indicated by the secure storage size represented by a preset field. For example, when the preset field is "0", the secure storage amount of the storage space is 0, i.e. the storage space has the non-secure attribute; when the preset field is not "0", the storage space has a certain amount of secure storage, i.e. it has a specific security attribute. For example, when the preset field is "01", the secure storage space is 1024M.
Alternatively still, the storage space may be divided into a plurality of partitions, e.g., two. The indication information may be carried in a predetermined byte in the device information, for example, a first bit or field in the byte is predetermined to indicate the security attribute of the first partition, a second bit or field is predetermined to indicate the security attribute of the second partition, and so on, each bit or field is used to indicate the security attribute of one storage partition. Therefore, the terminal can determine whether the storage space or a certain partition in the storage space is a safe storage space according to the indication information.
In S220, after determining that the storage space is a secure storage space, the terminal prohibits registering the secure storage space in the device registry of the non-secure environment, so that the secure storage space cannot be accessed in the non-secure environment. That is, the secure storage space cannot be seen or detected in the terminal by an ordinary user; in other words, because the secure storage space is invisible, the risk of it being accessed by an attacker is avoided. Alternatively, this may be understood as the storage space being registered in the secure environment, so that the secure storage space is not visible to an ordinary user in the environment in which the system is operating.
Taking the registration of the Linux kernel initialization stage on the RPMB (i.e., an example of the secure storage space) as an example, in the Linux kernel initialization stage, the hardware device of the terminal is registered in the device registry, so as to facilitate the user to search and use. For example, hardware devices may be stored in a device registry in the REE, that is, after being registered, all devices are exposed in the REE, and thus are easy to find and discover, and at the same time, the risk of privacy data disclosure is increased.
In the embodiment of the invention, during the Linux kernel initialization phase, whether the RPMB is a secure storage space is determined first, and when the RPMB is determined to be a secure storage space, it is prohibited from being registered in the device registry of the terminal; for example, the RPMB partition is not registered under the /dev/block/ directory (i.e. no mmcblk0rpmb node appears in /dev/block), so the RPMB cannot be accessed from the REE.
It should be understood that the above-listed process of registering the RPMB by the Linux kernel initialization is only an exemplary illustration, and should not limit the present invention in any way.
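The following Python model, added here and not taken from the patent, walks through S210 and S220 as the text describes them: it decodes a constructed indication byte (one bit per partition, plus the secure-storage-amount field) from the pre-stored device information and then builds the REE device registry without any node for the secure partition, while withholding its capacity from the REE-visible device information. The register layout, partition order and function names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed layout of the pre-stored device information (an assumption, not
# a real eMMC register map):
#   byte 0: one bit per partition, bit i set means partition i is secure
#   byte 1: secure-storage-amount field, 0 = no secure storage, n = n * 1024 MB
#           (the page's example: field "01" means 1024M of secure storage)
PARTITION_NAMES = ("mmcblk0", "mmcblk0boot0", "mmcblk0boot1", "mmcblk0rpmb")  # order assumed


@dataclass(frozen=True)
class PartitionInfo:
    name: str
    secure: bool


def parse_indication(device_info: bytes) -> List[PartitionInfo]:
    """S210: read each partition's security attribute from the indication byte."""
    if len(device_info) < 2:
        raise ValueError("device information too short to carry the indication")
    attr_byte = device_info[0]
    return [PartitionInfo(name, bool((attr_byte >> i) & 1))
            for i, name in enumerate(PARTITION_NAMES)]


def secure_storage_mb(device_info: bytes) -> int:
    """Secure storage amount encoded in the preset field (0 means non-secure)."""
    return device_info[1] * 1024


def indication_is_consistent(device_info: bytes) -> bool:
    """Defensive check added here: the per-partition bits and the amount field
    must agree; a mismatch suggests corrupted or tampered device information."""
    any_secure = any(p.secure for p in parse_indication(device_info))
    return any_secure == (secure_storage_mb(device_info) > 0)


def register_block_devices(device_info: bytes) -> Dict[str, List[str]]:
    """S220 at kernel init: non-secure partitions get /dev/block nodes in the
    REE; secure partitions are recorded only on the TEE side and get no REE
    node, so they cannot be opened from the non-secure environment."""
    if not indication_is_consistent(device_info):
        # Fail closed: do not expose anything until the indication is trusted.
        raise ValueError("indication bits and secure-storage amount disagree")
    registry: Dict[str, List[str]] = {"ree": [], "tee": []}
    for part in parse_indication(device_info):
        if part.secure:
            registry["tee"].append(part.name)
        else:
            registry["ree"].append("/dev/block/" + part.name)
    return registry


def ree_visible_device_info(device_info: bytes,
                            sizes_mb: Dict[str, int]) -> Dict[str, int]:
    """Device information exposed under the REE system directory: capacity
    (and block-count) entries for secure partitions are withheld."""
    return {p.name: sizes_mb[p.name]
            for p in parse_indication(device_info) if not p.secure}
```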
In S230, the terminal may perform an access operation on the secure storage space (e.g., RPMB) in the secure environment according to an access request sent by a Trusted Application (TA) running in the secure environment (e.g., TEE). The access request may be an access request sent by a trusted application running in the TEE (i.e., an example of a secure environment), or an access request initiated by a Client Application (CA) running in a non-secure environment (e.g., a REE), where when the request needs to access private data stored in an RPMB, the CA switches to TA, and initiates an access request to the RPMB (i.e., an example of a secure storage space) in the TEE. The terminal may invoke a security service (e.g., RPMB service) in the TEE to directly access the secure storage space.
It should be understood that the above listed TA, CA, RPMB services and security service procedures are only exemplary and should not limit the present invention in any way. Other applications that are used in both secure and non-secure environments, as well as drivers for accessing secure memory spaces, are within the scope of the present invention.
Therefore, according to the method of the embodiment of the present invention, whether the storage space is a secure storage space is determined from the indication information pre-stored in the storage space, and registration of the secure storage space in the non-secure environment is prohibited, so that it cannot be accessed in the non-secure environment; further, the secure storage space is accessed in the secure environment according to the access request sent by the trusted application TA running there. This prevents an attacker from accessing the secure storage space through malicious software in the non-secure environment, which would cause leakage or damage of the private data, and so improves the security of private data storage.
Optionally, accessing the secure storage space according to an access request sent by a trusted application TA running in the secure environment includes:
and calling a security service program in the secure environment to access the secure storage space according to an access request sent by the TA running in the secure environment.
Specifically, when a user needs to access the secure storage space, an access request for requesting to invoke a security service to access the secure storage space (e.g., RPMB) needs to be sent through an application (e.g., TA) running in the secure environment. The access request may carry data information of the data that the TA requests to access, for example, when the TA requests to read the private data in the RPMB (i.e., an example of the secure storage space), the access request may carry information such as a file name or a type of the data, an application program, etc. that the TA requests to read; when the TA requests to write data to the RPMB, the access request may carry the data requested to be written by the TA.
The TA may be Alipay, WeChat Pay or the like; such applications need to use some of the user's private data (for example a payment password or a fingerprint) when running on the terminal. It should be understood that the TA is only an example of an application running in the TEE and may also be referred to as a security application or the like, which the present invention does not particularly limit. It should further be understood that the specific TAs listed above are only examples and should not limit the present invention in any way; for example, the TA may also be an online banking U-shield (USB security key).
And the security service program encrypts and decrypts the data requested to be accessed according to the access request so as to facilitate the security service program to write data into the security storage space or read data.
It should be further noted that the security service program may be understood as a program or software that provides an external interface in the secure environment, and it may include a secure access driver (e.g. an RPMB driver) for accessing the storage space. That is, when the security service program receives an access request from the TA, the secure access driver may be invoked to access the secure storage space in the secure environment. It should be understood that the security service program and the secure access driver, as modules implementing specific functions, may be one module having both functions (permission check and access driver) or two independent functional modules; these are merely examples and should not limit the present invention. It should also be understood that the functions of the security service program are not limited to the permission check and the access driver: any function that provides an external interface may be implemented by the security service program, which the present invention does not particularly limit.
In the embodiment of the present invention, the TA may request to call the security service (or the security access driver) to access the secure storage space, because the TA is an application running in the TEE, that is, when the TA accesses the secure storage space in the TEE, the accessed private data (including read and written private data) of the TA cannot be stolen or damaged by an attacker, and all information in the access process is stored in a register in the TEE or discarded in the TEE, and therefore cannot be seen or acquired by the attacker.
In contrast, a non-secure storage space (e.g. the non-secure storage space 15 shown in fig. 1) may be accessed by any program, for example by a Client Application (CA). The CA may be an application such as a map, weather or browser application. When a user accesses the mobile terminal through a CA, the data accessed by the user is exposed in the REE, and the REE offers no protection for that data; even if the CA applies a security measure such as password verification when accessing the non-secure storage space 15, a third-party malicious program may obtain the password or the private data by dumping memory, so the private data is at risk of being leaked or tampered with, and the security is low.
For example, when a user needs to pay through Alipay, the Alipay application is opened first and is still a CA at this point. When the payment requires entering a payment password or checking a fingerprint, that is, when private data needs to be accessed, the Alipay application is automatically switched to a TA in the background of the system, i.e. it is switched to run in the TEE, and the reading and comparison of the payment password or fingerprint pre-stored in the secure storage space is completed there. When the payment password or fingerprint input by the user matches the one pre-stored in the secure storage space, the payment is completed and the Alipay application automatically switches back from the TA to the CA, that is, from the TEE back to the REE. In this process, the only interface the user can see is the one running in the REE; the TEE running in the background cannot be seen, so the process of reading the private data is also invisible and the private data cannot be learned.
It should be noted that, part of the applications in the pay bank application program are executed by the CA, and the programs related to accessing the private data are executed by the TA, and the CA and the TA may implement automatic switching through a code pre-written in the application program, which is not particularly limited by the present invention.
Therefore, the method of the embodiment of the invention calls the security service program to access the security storage space in the security environment through the trusted application, thereby avoiding the disclosure of the privacy data in the access process, avoiding the damage or tampering of the privacy data possibly caused by the malicious intrusion of an attacker, and improving the security of the privacy data storage.
Optionally, accessing the secure storage space according to an access request sent by a TA operating in the secure environment includes:
acquiring a key parameter from the secure environment according to an access request sent by a TA (trusted application) running in the secure environment;
generating an access key in the secure environment according to the key parameter;
according to the access key, a security service program is called in the security environment to carry out permission verification on the TA so as to determine whether the TA has the permission of accessing the security storage space;
and when the TA is determined to have the right to access the safe storage space, calling the safe service program to access the safe storage space in the safe environment according to the access request.
Specifically, when the security service program receives an access request from the TA, it may first perform permission verification on the TA to determine whether the TA has permission to access the secure storage space; to do so, the security service program checks the key carried by the TA against the access key.
In the embodiment of the present invention, the access key may be a Hash-based Message Authentication Code (HMAC), and the permission verification process may be a hash verification. The key used for the hash verification is the access key used to access the RPMB.
It should be understood that the hash verification is only an example and should not limit the present invention; the embodiments of the present invention may also perform the permission verification in other ways to determine whether the TA has permission to access the secure storage space.
Hereinafter, the process by which the security service program acquires the access key is described in detail, taking the TA requesting access to the RPMB in the production line phase and in the use phase as examples.
In the embodiment of the present invention, when the terminal is initialized in the production line stage of the terminal, the initialization information (including the device information and the key information) may be stored in an execution environment with the highest security level in the system, for example, ARM Trusted Firmware (ATF) in ARM v8 architecture, or monitor mode (monitor) in ARM v7 architecture. For convenience of description, the execution environment with the highest security level in the system such as the ATF or monitor will be simply referred to as "secure execution environment". It should be understood that the secure execution environment may be a part of the secure environment, or may be an environment independent of the secure environment and the non-secure environment, and the present invention is not limited thereto.
As another example, the key parameter may also be stored in the TEE, so that a security service (e.g., the RPMB service) running in the TEE obtains it directly from the TEE to generate the access key.
After the security service program acquires from the secure environment of the terminal the key parameter from which the key for permission verification is derived, it calls the key derivation software in the TEE to derive the access key from the key parameter; the access key is stored in an RPMB register and discarded once the initialization of the device is finished. Thus both the derivation of the preset key and the storage of the key parameter take place in a highly secure environment, reducing the possibility of theft or destruction by an attacker.
During use by the user, the RPMB service (an example of the security service program) likewise acquires the access key in the TEE; the key parameter from which the preset key is derived is also stored in the secure environment, for example the secure execution environment (including the ATF, monitor, etc. mentioned above) or the TEE, and both the access key and the preset key are discarded in the TEE after use, so they are not acquired by the attacker.
In the embodiment of the present invention, the TA accesses the RPMB and can read data from it or write data to it. When the TA needs to read data from the RPMB, it may undergo the authorization verification described above; after the verification passes, the RPMB service or an RPMB driver (an example of a secure access driver) reads from the RPMB the private data that the TA needs, and the RPMB service decrypts it so that the TA can read the decrypted private data. Alternatively, when the TA needs to write data into the RPMB, the RPMB service encrypts the data to be written, and once the TA passes the authorization verification the encrypted data is written directly into the RPMB by the RPMB service or the RPMB driver. The secure storage area is accessed in the TEE by a secure access driver.
It should be noted that, since the RPMB service is a service program running in the TEE, the access key acquisition, the permission verification and the other operations on the RPMB are all executed in the TEE; therefore the access key is exposed only in the TEE, and not in the REE, while it is acquired and the permission is verified, so it is not acquired by an attacker.
In contrast, in the prior art, if the secure storage space is registered in the REE, the permission check must be performed in the REE, so the access key is exposed in the REE and an attacker has a chance to steal it; even if the access key is not stolen during the check and is discarded in the REE after use, it can still be acquired by dumping memory, which increases the risk of leakage or tampering of private data. Moreover, accessing the secure storage space in the REE also requires calling an access driver in the REE (i.e., a non-secure access driver), and while the private data is being read or written it is exposed in the REE; even if the private data is encrypted, it may still be cracked and leaked.
Therefore, the method of the embodiment of the invention obtains the access key in the secure environment through the secure service program and performs the authority verification in the secure environment, so that the possibility of the access key being leaked is reduced to the minimum, and the security of the private data storage in the secure storage space is further improved.
Optionally, the method 200 further comprises:
prohibiting registration of the device information of the secure storage space under the system directory of the non-secure environment, so that the device information cannot be acquired in the non-secure environment, where the device information includes storage amount information or storage block number information.
In the embodiment of the present invention, since the secure storage space is not registered in the device registry of the REE, it may further be prohibited to register device information of the secure storage space under the system directory (e.g., the /sys/ directory) of the REE, including storage amount information and storage block number information (e.g., the maximum number of storage blocks writable in the secure storage space), so that an attacker cannot acquire any information about the secure storage space in the REE, and the possibility that the secure storage space is discovered by the attacker and thus damaged is further reduced. In other words, the possibility that the private data stored in the secure storage space is leaked or destroyed is greatly reduced, and the security of the storage area is greatly improved.
Taking the Linux kernel's initialization and registration process for the RPMB as an example, the storage size information of the RPMB and the maximum number of writable storage blocks in the RPMB are not registered under the /sys/ directory in the REE, so that an attacker not only cannot see the RPMB from the REE but also cannot acquire any information about it, such as the storage amount information and the storage block number information. That is, the attacker cannot obtain any information about the RPMB from the REE. It should be understood that the system directory is only an example, and all technical solutions that prohibit registering the device information of the secure storage space in the non-secure environment fall within the protection scope of the present invention.
Further, the security service may obtain device information for the secure storage space from the secure environment.
In the embodiment of the present invention, the RPMB service may further obtain device information, such as the storage amount of the RPMB and the maximum number of storage blocks that can be written, from the ATF (i.e., another example of a secure environment); according to that device information together with the data information, the RPMB service may allocate storage space for data to be written, look up the storage path of data to be read, and so on.
It should be understood that the specific contents of the device information stored in the secure execution environment listed above are only exemplary, and should not be construed as limiting the present invention in any way. For example, the device information may include information such as the remaining memory amount in the RPMB, and the present invention is not particularly limited.
Optionally, the terminal is configured with a memory chip, where the memory chip includes the secure memory space and a non-secure memory space registered in the non-secure environment, and the non-secure memory space is accessed in the non-secure environment by a non-secure access driver, and the method further includes: allocating a first mutual exclusion lock for the security service program, wherein the first mutual exclusion lock is used for refusing the non-security access driver to access the non-security storage space when the security service program accesses the security storage space; or, a second mutual exclusion lock is allocated to the non-secure access driver, and the second mutual exclusion lock is used for refusing the secure service program to access the secure storage space when the non-secure access driver accesses the non-secure storage space.
Specifically, the RPMB may be a partition on an EMMC chip (i.e., an example of a memory chip) disposed in the terminal. The EMMC chip may be divided into a User partition (i.e., an example of non-secure storage space) and an RPMB partition. Since the User partition can be freely accessed by the user, it is registered in the device registry in the REE and needs to be accessed through the EMMC driver in the REE (i.e., an example of a non-secure access driver, referred to below as the first EMMC driver for convenience). The RPMB partition in the EMMC chip needs to be accessed, in addition to the RPMB driver in the TEE, through the EMMC driver in the TEE (i.e., another example of the secure access driver, referred to below as the second EMMC driver for convenience). That is, accessing the RPMB partition first requires the second EMMC driver to access the EMMC chip, and then the RPMB partition is accessed through the RPMB driver. In other words, access to the EMMC chip is the basis for access to the RPMB partition.
Therefore, the terminal has a concurrency problem: two drivers in two operating environments may access the EMMC chip at the same time. In view of this, a mutex lock may be assigned at the EMMC driver in the REE. For example, a first mutex lock is allocated to the non-secure access driver (e.g., the first EMMC driver), and the first mutex lock is used to deny the secure service program access to the secure storage space while the non-secure access driver is accessing the non-secure storage space; alternatively, a second mutex lock is allocated to the secure service (e.g., the second EMMC driver), and the second mutex lock is used to deny the non-secure access driver access to the non-secure storage space while the secure service (or the secure access driver) is accessing the secure storage space. That is, the first EMMC driver can access the data in the User partition only when it has acquired the access right (i.e., the first mutex lock) to the User partition, and the second EMMC driver can access the data in the RPMB partition only when it has acquired the access right (i.e., the second mutex lock) to the RPMB partition, which prevents the EMMC chip from being accessed by both drivers at the same time.
It should be noted that the first and second mutex locks are mutexes for accessing different partitions of the EMMC chip at different times, and may be one and the same mutex: when the mutex is held by the first EMMC driver, the first EMMC driver has the access right to the User partition and the second EMMC driver cannot access the RPMB partition at that time; when the mutex is held by the second EMMC driver, the second EMMC driver has the access right to the RPMB partition and the first EMMC driver cannot access the User partition at that time.
Further, a priority may be assigned to the mutex lock (including the first and second mutex locks), with access to the User partition set as the higher priority: the mutex lock is kept in the first EMMC driver, and when an access to the RPMB partition needs to be initiated while the first EMMC driver is not accessing the User partition, the mutex lock is passed to the second EMMC driver so that it can access the RPMB partition. It should be understood that this way of assigning priorities to mutexes is only an example and should not be construed as limiting the present invention. The mutex lock may also reside independently in the secure environment and be allocated to the corresponding driver when a partition of the memory chip (e.g., the EMMC chip) needs to be accessed, which is not particularly limited in the present invention.
It should be noted that the aforementioned non-secure access driver (e.g., the first EMMC driver) operates in a non-secure environment to access a general memory partition (e.g., the aforementioned User partition); in contrast, the secure access driver (e.g., the second EMMC driver) runs in a secure environment for accessing the secure memory partition (e.g., the RPMB partition described above), and the non-secure access driver and the secure access driver are two mutually independent drivers running in two different execution environments, respectively, or may be understood as two mutually independent functional modules, which have similar functions but different execution environments.
Furthermore, this prevents an attacker from impersonating a TA by modifying the code of the first EMMC driver and tampering with its access right to the RPMB partition, so that the first EMMC driver would be used in place of the second EMMC driver to access the RPMB partition in the TEE; the private data in the secure storage space in the TEE is thus protected from being stolen or damaged.
Therefore, the method of the embodiment of the invention uses two drivers to access different partitions of the storage space in two different operating environments, prevents the concurrency problem of simultaneous access by means of the mutual exclusion lock, improves the security of the terminal, and is easy to implement as an improvement over the prior art.
Optionally, the secure environment comprises a trusted execution environment or advanced reduced instruction set machine (ARM) trusted firmware, and the non-secure environment comprises a rich execution environment.
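A Python model of the two-driver arrangement above, added here as an illustration and not taken from the patent: the chip, the mutex with User-partition priority and the two driver instances are constructed, and the rule that only the TEE-side driver can address the RPMB partition is modelled as an environment tag (an assumption).

```python
import threading
import time
from typing import Optional

class EmmcChip:
    # Constructed model of the EMMC chip: a User partition and an RPMB partition behind one
    # bus.  It only counts how often two drivers are on the bus at the same time (the
    # concurrency problem the page describes); it is not the mutex under discussion.
    def __init__(self) -> None:
        self._meter = threading.Lock()
        self.active, self.overlaps = 0, 0
        self.partitions = {"user": {}, "rpmb": {}}

    def io(self, env: str, partition: str, block: int, value: Optional[bytes] = None):
        if partition == "rpmb" and env != "TEE":  # assumption: RPMB addressable only via the TEE driver
            raise PermissionError("RPMB partition is not addressable from the REE")
        with self._meter:
            self.active += 1
            if self.active > 1:
                self.overlaps += 1
        try:
            time.sleep(0.0005)  # simulated bus time, so unprotected overlap becomes observable
            store = self.partitions[partition]
            if value is not None:
                store[block] = value
            return store.get(block)
        finally:
            with self._meter:
                self.active -= 1

class ChipMutex:
    # The single mutex both drivers share.  It "lives" with the first (REE) driver: the User
    # partition has priority, so the TEE side is granted the lock only while no REE access is
    # running or waiting, and hands it back as soon as its RPMB access finishes.
    def __init__(self) -> None:
        self._cv = threading.Condition()
        self._holder: Optional[str] = None
        self._ree_waiting = 0

    def acquire(self, side: str) -> None:
        with self._cv:
            if side == "REE":
                self._ree_waiting += 1
            while self._holder is not None or (side == "TEE" and self._ree_waiting > 0):
                self._cv.wait()
            if side == "REE":
                self._ree_waiting -= 1
            self._holder = side

    def release(self, side: str) -> None:
        with self._cv:
            if self._holder != side:
                raise RuntimeError("release by a driver that does not hold the mutex")
            self._holder = None
            self._cv.notify_all()

class EmmcDriver:
    # One class, two instances: the first driver (REE, User partition) and the second driver
    # (TEE, RPMB partition), standing for the two independent drivers the page describes.
    def __init__(self, env: str, partition: str, chip: EmmcChip, mutex: Optional[ChipMutex]) -> None:
        self.env, self.partition, self.chip, self.mutex = env, partition, chip, mutex

    def access(self, block: int, value: Optional[bytes] = None):
        if self.mutex:
            self.mutex.acquire(self.env)  # the access right is holding the mutex
        try:
            return self.chip.io(self.env, self.partition, block, value)
        finally:
            if self.mutex:
                self.mutex.release(self.env)

def run_concurrent(protected: bool, ops: int = 40) -> EmmcChip:
    # Drive both partitions from two threads.  With protected=False the overlap counter
    # exposes the concurrency problem; with protected=True it must stay at zero.
    chip = EmmcChip()
    mutex = ChipMutex() if protected else None
    first = EmmcDriver("REE", "user", chip, mutex)
    second = EmmcDriver("TEE", "rpmb", chip, mutex)
    def ree_work():
        for i in range(ops):
            first.access(i % 8, b"user-%d" % i)
    def tee_work():
        for i in range(ops):
            second.access(i % 4, b"rpmb-%d" % i)
    threads = [threading.Thread(target=ree_work), threading.Thread(target=tee_work)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return chip
```

Running `run_concurrent(False).overlaps` will usually be non-zero, while the protected run keeps it at zero and every write still lands in its partition.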
In the embodiment of the present invention, the RPMB may be exposed in the TEE, or may be exposed in an execution environment with a higher security level, and the device parameter and the key parameter may be stored in the secure execution environment, or may be stored in the TEE. In other words, the registration of the storage area and the storage location of the parameter may be determined according to the actual situation of each operating environment in the terminal, and the present invention is not particularly limited thereto.
Therefore, according to the method provided by the embodiment of the invention, whether the storage space is a secure storage space is determined according to the indication information prestored in the storage space, the secure storage space is prohibited from being registered in the non-secure environment, and the secure storage space is accessed in the secure environment according to the access request sent by the trusted application running in the secure environment, so that an attacker is prevented from accessing the secure storage space through malicious software in the non-secure environment and causing leakage or damage of private data, and the security of private data storage is improved.
The method 200 for accessing a storage space according to the embodiment of the present invention has been described in detail from the perspective of a terminal in conjunction with fig. 2. The method 300 for accessing a memory space according to an embodiment of the present invention is described in detail below with reference to fig. 3, taking TA access to an RPMB partition on an EMMC chip as an example.
As shown in fig. 3, the method 300 includes:
S301, a TA sends an access request to an RPMB service, requesting the RPMB service to write data to or read data from an RPMB partition, and the access request carries data information of the data the TA requests to access (read or write);
S302, the RPMB service encrypts or decrypts the data the TA requests to write or read;
S303, the RPMB service acquires, from the ATF, the key parameter for deriving the access key and the RPMB partition information according to the access request of the TA;
S304, the RPMB service acquires the access key according to the key parameter in order to perform permission verification;
S305, the RPMB service sends the data information that the TA requests to access to an RPMB driver;
S306, the RPMB driver writes the encrypted data into the RPMB partition or reads the encrypted data from the RPMB partition.
It should be understood that the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiment of the present invention. For example, in the embodiment of the present invention, if the TA writes data into the RPMB partition, S302 is executed before S303; if TA reads data from the RPMB partition, S302 is performed after S304.
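As an added illustration of the S301 to S306 flow and of the access-key derivation and permission verification described earlier (constructed example code, not the patent's own implementation): the secure execution environment contents, the HMAC-SHA256 key derivation, the request format and the encrypt-then-MAC layout are all assumptions, and Python objects stand in for the TEE-side service and driver.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed stand-in for the secure execution environment (ATF or TEE store); never reaches the REE.
SECURE_EXEC_ENV = {
    "key_parameter": bytes.fromhex("00112233445566778899aabbccddeeff" * 2),  # constructed
    "max_write_blocks": 32,                                                   # constructed
}

def derive_key(key_parameter: bytes, label: bytes) -> bytes:
    # HMAC-SHA256 as the KDF is an assumption; the page only says "key derivation software".
    return hmac.new(key_parameter, label, hashlib.sha256).digest()

@dataclass
class AccessRequest:
    ta_id: str
    op: str           # "read" or "write"
    block: int
    data: bytes = b""
    mac: bytes = b""  # HMAC the TA attaches with its provisioned key; checked in S304

def request_mac(req: AccessRequest, access_key: bytes) -> bytes:
    msg = req.ta_id.encode() + req.op.encode() + req.block.to_bytes(4, "big") + req.data
    return hmac.new(access_key, msg, hashlib.sha256).digest()

def make_request(ta_id: str, op: str, block: int, key: bytes, data: bytes = b"") -> AccessRequest:
    req = AccessRequest(ta_id, op, block, data)
    req.mac = request_mac(req, key)  # the TA's side, before S301
    return req

def xor_stream(enc_key: bytes, nonce: bytes, buf: bytes) -> bytes:
    # CTR-style keystream from HMAC-SHA256; stands in for a block cipher (stdlib has none).
    stream = b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(buf) + 31) // 32))
    return bytes(b ^ k for b, k in zip(buf, stream))

class RpmbDriver:  # TEE-side RPMB driver (S306): the only component touching the partition
    def __init__(self, max_blocks: int) -> None:
        self.max_blocks, self.blocks = max_blocks, {}

    def write(self, block: int, blob: bytes) -> None:
        if not 0 <= block < self.max_blocks:
            raise ValueError("block index outside RPMB partition")
        self.blocks[block] = blob

    def read(self, block: int):
        return self.blocks.get(block)

class RpmbService:  # RPMB service running in the TEE (S301-S305)
    def __init__(self, secure_env: dict, driver: RpmbDriver) -> None:
        self._env, self._driver = secure_env, driver

    def _key(self, label: bytes) -> bytes:
        # S303: key parameter fetched from the secure execution environment on each use; derived
        # keys stay local to the calling method and are not retained by the service.
        return derive_key(self._env["key_parameter"], label)

    def _verify(self, req: AccessRequest) -> bool:
        # S304: derive the access key and compare the TA's HMAC in constant time.
        return hmac.compare_digest(request_mac(req, self._key(b"rpmb-access-key")), req.mac)

    def _seal(self, plaintext: bytes, block: int) -> bytes:
        # S302 for writes: encrypt-then-MAC, binding the ciphertext to its block index.
        nonce = os.urandom(16)
        ct = xor_stream(self._key(b"rpmb-data-enc"), nonce, plaintext)
        tag = hmac.new(self._key(b"rpmb-data-mac"), block.to_bytes(4, "big") + nonce + ct,
                       hashlib.sha256).digest()
        return nonce + ct + tag

    def _open(self, blob: bytes, block: int) -> bytes:
        # S302 for reads: check the tag before decrypting, so a tampered block is rejected.
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expect = hmac.new(self._key(b"rpmb-data-mac"), block.to_bytes(4, "big") + nonce + ct,
                          hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag):
            raise PermissionError("stored block failed integrity check")
        return xor_stream(self._key(b"rpmb-data-enc"), nonce, ct)

    def handle(self, req: AccessRequest):
        # S301 entry point: returns decrypted data for reads, None for writes.
        if not self._verify(req):  # permission check precedes any driver call
            raise PermissionError("TA failed RPMB permission verification")
        if req.op == "write":
            self._driver.write(req.block, self._seal(req.data, req.block))  # S305/S306
            return None
        blob = self._driver.read(req.block)
        return None if blob is None else self._open(blob, req.block)

def build():
    # Assemble the TEE-side stack; returns (service, driver, key the TA was provisioned with).
    driver = RpmbDriver(SECURE_EXEC_ENV["max_write_blocks"])
    ta_key = derive_key(SECURE_EXEC_ENV["key_parameter"], b"rpmb-access-key")
    return RpmbService(SECURE_EXEC_ENV, driver), driver, ta_key

def demo():
    # Write a secret through the service and read it back; a request with a wrong key fails in S304.
    svc, driver, ta_key = build()
    svc.handle(make_request("payment-ta", "write", 3, ta_key, b"pin:1234"))
    return svc.handle(make_request("payment-ta", "read", 3, ta_key))
```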
Therefore, in the method of the embodiment of the present invention, the access request of the TA is received in the TEE, the access key for accessing the secure storage space is obtained in the TEE, and the secure storage space is accessed in the TEE through the secure access driver according to the access key, so that the whole access process is executed in the TEE, thereby avoiding the key used in the access process from being stolen or damaged, reducing the possibility of disclosure of private data in the secure storage space, and improving the security of the mobile terminal.
The method for accessing a memory space according to the embodiment of the present invention is described in detail above with reference to fig. 2 and 3, and the apparatus and device for accessing a memory space according to the embodiment of the present invention are described in detail below with reference to fig. 4 and 5.
Fig. 4 shows a schematic block diagram of an apparatus 600 for accessing a memory space according to an embodiment of the present invention. The apparatus 600 is configured with a storage space, the operating environment of the operating system of the apparatus 600 includes a secure environment and a non-secure environment, as shown in fig. 4, the apparatus 600 includes:
a determining module 610, configured to determine, according to indication information pre-stored in the storage space, that the storage space is a secure storage space, where the indication information is used to indicate a security attribute of the storage space;
a registration module 620 for prohibiting registration of the secure storage space in a device registry of the insecure environment;
the accessing module 630 is configured to access the secure storage space according to an access request sent by a trusted application TA running in the secure environment.
Optionally, the apparatus 600 further comprises an obtaining module and a generating module, wherein,
the obtaining module is used for obtaining the key parameter from the security environment according to the access request;
the generation module is used for generating an access key in the secure environment according to the key parameter;
the determining module 610 is further configured to invoke the security service program in the secure environment to perform permission check on the TA according to the access key, so as to determine whether the TA has a permission to access the secure storage space;
the accessing module 630 is specifically configured to, when the determining module 610 determines that the TA has the right to access the secure storage space, invoke the security service in the secure environment to access the secure storage space according to the access request.
Optionally, the registration module 620 is further configured to prohibit registration of device information of the secure storage space under the system directory of the insecure environment, where the device information includes storage amount information or storage block number information.
Optionally, the apparatus 600 is configured with a memory chip, where the memory chip includes the secure memory space and a non-secure memory space registered in the non-secure environment, and the non-secure memory space is accessed by a non-secure access driver in the non-secure environment, and the apparatus 600 further includes an allocating module, configured to allocate a first mutual exclusion lock to the secure service program, where the first mutual exclusion lock is configured to deny the non-secure access driver from accessing the non-secure memory space when the secure service program accesses the secure memory space; or, a second mutual exclusion lock is allocated to the non-secure access driver, and the second mutual exclusion lock is used for refusing the secure service program to access the secure storage space when the non-secure access driver accesses the non-secure storage space.
Optionally, the secure environment comprises a trusted execution environment or advanced reduced instruction set machine (ARM) trusted firmware, and the non-secure environment comprises a rich execution environment.
The apparatus 600 according to the embodiment of the present invention may correspond to a terminal in the method for accessing a storage space according to the embodiment of the present invention, and each module and the other operations and/or functions in the apparatus 600 are respectively for implementing a corresponding flow of each method in fig. 2 and fig. 3, and are not described herein again for brevity.
Therefore, the device according to the embodiment of the present invention determines whether the storage space is a secure storage space according to the indication information pre-stored in the storage space, and prohibits registration of the secure storage space in the insecure environment, so that the secure storage space cannot be accessed in the insecure environment, and further accesses the secure storage space in the secure environment according to the access request sent by the trusted application running in the secure environment, thereby preventing an attacker from accessing the secure storage space through malicious software in the insecure environment, which causes leakage or damage of the private data, and improving the security of private data storage.
Fig. 5 shows a schematic block diagram of an apparatus 700 for accessing a memory space according to an embodiment of the present invention. The device 700 is configured with a storage space, the operating environment of the operating system of the device 700 includes a secure environment and a non-secure environment, as shown in fig. 5, the device 700 includes: receiver 710, processor 720, transmitter 730, memory 740, and bus system 750. The receiver 710, the processor 720, the transmitter 730 and the memory 740 are connected via a bus system 750, the memory 740 is used for storing instructions, and the processor 720 is used for executing the instructions stored in the memory 740 to control the receiver 710 to receive signals and control the transmitter 730 to transmit signals.
The processor 720 is configured to determine, according to indication information pre-stored in a storage space, that the storage space is a secure storage space, where the indication information is used to indicate a security attribute of the storage space;
the processor 720 is further configured to disable registration of the secure storage space in a device registry of the unsecure environment;
the processor 720 is further configured to access the secure memory space according to an access request sent by a trusted application TA running in the secure environment.
Optionally, the processor 720 is further configured to obtain a key parameter from the secure environment according to the access request, and to generate an access key in the secure environment according to the key parameter; to call, according to the access key, a security service program in the secure environment to perform permission verification on the TA so as to determine whether the TA has permission to access the secure storage space; and, when the TA is determined to have the right to access the secure storage space, to call the security service program to access the secure storage space in the secure environment according to the access request.
Optionally, the processor 720 is further configured to prohibit registration of device information of the secure storage space under a system directory of the insecure environment, where the device information includes storage amount information or storage block number information.
Optionally, the device 700 is configured with a memory chip, where the memory chip includes the secure memory space and a non-secure memory space registered in the non-secure environment, where the non-secure memory space is accessed by a non-secure access driver in the non-secure environment, and the processor 720 is further configured to assign a first mutual exclusion lock to the secure service program, where the first mutual exclusion lock is used to deny the non-secure access driver from accessing the non-secure memory space when the secure service program accesses the secure memory space; or, a second mutual exclusion lock is allocated to the non-secure access driver, and the second mutual exclusion lock is used for refusing the secure service program to access the secure storage space when the non-secure access driver accesses the non-secure storage space.
Optionally, the secure environment comprises a trusted execution environment or advanced reduced instruction set machine (ARM) trusted firmware, and the non-secure environment comprises a rich execution environment.
The device 700 according to the embodiment of the present invention may correspond to a terminal in the method for accessing a storage space according to the embodiment of the present invention, and each module and the other operations and/or functions in the device 700 are respectively for implementing corresponding flows of each method in fig. 2 and fig. 3, and are not described herein again for brevity.
Therefore, according to the device in the embodiment of the present invention, whether the storage space is a secure storage space is determined according to the indication information pre-stored in the storage space, and the registration of the secure storage space in the insecure environment is prohibited, so that the secure storage space cannot be accessed in the insecure environment, and then the secure storage space is accessed in the secure environment according to the access request sent by the trusted application running in the secure environment, so that an attacker is prevented from accessing the secure storage space through malicious software in the insecure environment, thereby preventing the leakage or damage of the private data, and improving the security of the storage of the private data.
It should be understood that the term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as a stand-alone product, they may be stored in a computer-readable storage medium. On that understanding, the technical solution of the present invention may be embodied as a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (8)
1. A method for accessing a storage space, the method being applied to a terminal configured with the storage space, wherein an operating environment of an operating system of the terminal includes a secure environment and a non-secure environment, the method comprising:
determining the storage space to be a secure storage space according to indication information prestored in the storage space, wherein the indication information indicates the security attribute of the storage space;
prohibiting registration of the secure storage space in a device registry of the non-secure environment;
accessing the secure storage space according to an access request sent by a trusted application (TA) running in the secure environment;
wherein accessing the secure storage space according to the access request sent by the TA running in the secure environment comprises:
acquiring a key parameter from the secure environment according to the access request sent by the TA running in the secure environment;
generating an access key in the secure environment according to the key parameter;
calling, according to the access key, a secure service program in the secure environment to perform permission verification on the TA, so as to determine whether the TA has permission to access the secure storage space; and
when the TA is determined to have permission to access the secure storage space, calling the secure service program in the secure environment to access the secure storage space according to the access request.
2. The method of claim 1, further comprising:
prohibiting registration of device information of the secure storage space under a system directory of the non-secure environment, wherein the device information comprises storage amount information or storage block number information.
3. The method according to claim 1 or 2, wherein the terminal is configured with a storage chip that includes the secure storage space and a non-secure storage space registered in the non-secure environment, the non-secure storage space being accessed in the non-secure environment by a non-secure access driver, the method further comprising:
allocating a first mutual exclusion lock to the non-secure access driver, wherein the first mutual exclusion lock is used to deny the secure service program access to the secure storage space while the non-secure access driver is accessing the non-secure storage space; or
allocating a second mutual exclusion lock to the secure service program, wherein the second mutual exclusion lock is used to deny the non-secure access driver access to the non-secure storage space while the secure service program is accessing the secure storage space.
4. The method of claim 1 or 2, wherein the secure environment comprises a trusted execution environment or Advanced RISC Machine (ARM) trusted firmware, and wherein the non-secure environment comprises a rich execution environment.
5. An apparatus for accessing a storage space, wherein the apparatus is configured with the storage space, wherein an operating environment of an operating system of the apparatus includes a secure environment and a non-secure environment, and wherein the apparatus comprises:
a determining module, configured to determine the storage space to be a secure storage space according to indication information prestored in the storage space, wherein the indication information indicates the security attribute of the storage space;
a registration module, configured to prohibit registration of the secure storage space in a device registry of the non-secure environment;
an access module, configured to access the secure storage space according to an access request sent by a trusted application (TA) running in the secure environment;
the apparatus further comprising:
an obtaining module, configured to obtain a key parameter from the secure environment according to the access request;
a generating module, configured to generate an access key in the secure environment according to the key parameter;
wherein the determining module is further configured to call, according to the access key, a secure service program in the secure environment to perform permission verification on the TA, so as to determine whether the TA has permission to access the secure storage space; and
the access module is specifically configured to, when the determining module determines that the TA has permission to access the secure storage space, call the secure service program in the secure environment to access the secure storage space according to the access request.
6. The apparatus of claim 5, wherein the registration module is further configured to prohibit registration of device information of the secure storage space under a system directory of the non-secure environment, and the device information comprises storage amount information or storage block number information.
7. The apparatus according to claim 5 or 6, wherein the apparatus is configured with a storage chip that includes the secure storage space and a non-secure storage space registered in the non-secure environment, the non-secure storage space being accessed in the non-secure environment by a non-secure access driver, the apparatus further comprising:
an allocation module, configured to allocate a first mutual exclusion lock to the secure service program, wherein the first mutual exclusion lock is used to deny the non-secure access driver access to the non-secure storage space while the secure service program is accessing the secure storage space; or to allocate a second mutual exclusion lock to the non-secure access driver, wherein the second mutual exclusion lock is used to deny the secure service program access to the secure storage space while the non-secure access driver is accessing the non-secure storage space.
8. The apparatus of claim 5 or 6, wherein the secure environment comprises a trusted execution environment or Advanced RISC Machine (ARM) trusted firmware, and wherein the non-secure environment comprises a rich execution environment.
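The flow claimed in claims 1 to 3, as an added illustration in C that is not the patent's own code and not tied to any real TEE implementation: a partition is classified from an indicator prestored in it, a secure partition is refused by the non-secure (REE) device registry so that neither its node nor its block count is visible there, a TA's access key is derived in the secure environment from the key parameter carried by the request and checked by the secure service program before any access, and one lock on the chip serialises the secure service program and the non-secure access driver. The partition names, the `SECURE_MAGIC` indicator value, the TEE secret, the TA identifier and the FNV-1a-based key derivation are all constructed placeholders standing in for whatever a real design uses.

```c
/* Added illustration, not the patent's own code: a single-address-space model
 * of the claimed flow. Partition names, the indicator value, the TEE secret,
 * the TA id and the FNV-1a key derivation are constructed placeholders. */
#include <stdint.h>
#include <string.h>

#define MAX_PARTS    4
#define SECURE_MAGIC 0x53454355u   /* constructed indicator value meaning "secure" */

/* One partition of the storage chip; `indicator` models the indication
 * information prestored in the storage space itself. */
struct partition {
    const char *name;
    uint32_t    indicator;    /* prestored indication information */
    int         is_secure;    /* set by classify_partition() */
    uint32_t    block_count;  /* device information the REE must not see */
};

/* Claim 1, first step: derive the security attribute from the indicator. */
int classify_partition(struct partition *p)
{
    p->is_secure = (p->indicator == SECURE_MAGIC);
    return p->is_secure;
}

/* Claims 1 and 2: the REE device registry refuses secure partitions, so
 * neither a device node nor a block count for them is visible there. */
struct ree_registry { const char *names[MAX_PARTS]; uint32_t blocks[MAX_PARTS]; int n; };

int ree_register(struct ree_registry *r, const struct partition *p)
{
    if (p->is_secure || r->n >= MAX_PARTS)
        return -1;                      /* registration prohibited */
    r->names[r->n]  = p->name;
    r->blocks[r->n] = p->block_count;
    return r->n++;                      /* registry index of the new entry */
}

/* Claim 3: one lock on the chip, held by whichever side is using it.
 * A plain try-lock flag stands in for the real mutex primitive. */
struct chip_lock { int held; };
int  lock_try(struct chip_lock *l)     { if (l->held) return 0; l->held = 1; return 1; }
void lock_release(struct chip_lock *l) { l->held = 0; }

/* Constructed key derivation: FNV-1a over a TEE-held secret and the key
 * parameter carried by the request; a real design would substitute its own. */
static const uint8_t tee_secret[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};

uint32_t derive_access_key(const uint8_t *key_param, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof tee_secret; i++) { h ^= tee_secret[i]; h *= 16777619u; }
    for (size_t i = 0; i < len; i++)                { h ^= key_param[i];  h *= 16777619u; }
    return h;
}

/* Secure service program: permission verification first, then the guarded access.
 * Returns 0 on success, -1 not a secure space, -2 TA not permitted, -3 chip busy. */
struct ta_grant { const char *ta_id; uint32_t key; };   /* TA -> key it must present */

int secure_service_access(struct chip_lock *l, const struct partition *p,
                          const struct ta_grant *grants, int ngrants,
                          const char *ta_id, uint32_t presented_key)
{
    int permitted = 0;
    if (!p->is_secure) return -1;
    for (int i = 0; i < ngrants; i++)
        if (strcmp(grants[i].ta_id, ta_id) == 0 && grants[i].key == presented_key)
            permitted = 1;
    if (!permitted) return -2;
    if (!lock_try(l)) return -3;        /* the non-secure driver owns the chip right now */
    /* ... the read or write of the secure partition would happen here ... */
    lock_release(l);
    return 0;
}

/* Non-secure access driver: same lock, refused while the secure service holds it. */
int ree_driver_access(struct chip_lock *l, const struct partition *p)
{
    if (p->is_secure) return -1;        /* a secure space is never reachable from the REE */
    if (!lock_try(l)) return -3;
    lock_release(l);
    return 0;
}

/* Walks the whole flow on constructed data and returns how many of the six
 * checks behaved as the claims describe (6 when everything works). */
int run_scenario(void)
{
    struct partition    secure_p = {"secure_store", SECURE_MAGIC, 0, 512};
    struct partition    user_p   = {"userdata",     0x00000000u,  0, 4096};
    struct ree_registry reg      = {0};
    struct chip_lock    lock     = {0};
    const uint8_t       param[]  = "session-7";   /* constructed key parameter */
    struct ta_grant     grants[1];
    int ok = 0;

    ok += classify_partition(&secure_p) == 1 && classify_partition(&user_p) == 0;
    ok += ree_register(&reg, &secure_p) == -1;                    /* hidden from the REE */
    ok += ree_register(&reg, &user_p) == 0 && reg.n == 1 && strcmp(reg.names[0], "userdata") == 0;
    grants[0].ta_id = "ta.example";                               /* constructed TA id */
    grants[0].key   = derive_access_key(param, sizeof param - 1);
    ok += secure_service_access(&lock, &secure_p, grants, 1, "ta.example", grants[0].key) == 0;
    ok += secure_service_access(&lock, &secure_p, grants, 1, "ta.example", grants[0].key ^ 1u) == -2;
    (void)lock_try(&lock);                                        /* REE driver holds the chip */
    ok += secure_service_access(&lock, &secure_p, grants, 1, "ta.example", grants[0].key) == -3
          && ree_driver_access(&lock, &user_p) == -3;
    lock_release(&lock);
    return ok;
}
```

The point the model makes visible is that the non-secure environment never learns of the secure partition at all (registration is refused before any device information exists), while a TA reaches it only after the secure service program has verified a key derived inside the secure environment; the shared lock is what keeps a concurrent non-secure driver from interleaving with that access on the same chip.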
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510760585.1A CN105447406B (en) | 2015-11-10 | 2015-11-10 | A kind of method and apparatus for accessing memory space |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510760585.1A CN105447406B (en) | 2015-11-10 | 2015-11-10 | A kind of method and apparatus for accessing memory space |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105447406A CN105447406A (en) | 2016-03-30 |
CN105447406B true CN105447406B (en) | 2018-10-19 |
Family
ID=55557569
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510760585.1A Active CN105447406B (en) | 2015-11-10 | 2015-11-10 | A kind of method and apparatus for accessing memory space |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105447406B (en) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105825128B (en) * | 2016-03-15 | 2020-05-19 | 华为技术有限公司 | Data input method and device and user equipment |
US10289853B2 (en) * | 2016-03-31 | 2019-05-14 | Microsoft Technology Licensing, Llc | Secure driver platform |
US10339333B2 (en) | 2016-07-20 | 2019-07-02 | Montage Technology Co., Ltd. | Method and apparatus for controlling application to access memory |
CN107644173B (en) * | 2016-07-20 | 2019-10-11 | 澜起科技股份有限公司 | Method and apparatus for controlling application program access memory |
CN107665175A (en) * | 2016-07-27 | 2018-02-06 | 展讯通信(上海)有限公司 | The method, apparatus and electronic equipment of memory partition isolation |
CN106534065A (en) * | 2016-09-29 | 2017-03-22 | 宇龙计算机通信科技(深圳)有限公司 | Resource access control method and system |
CN106657551A (en) * | 2016-12-05 | 2017-05-10 | 惠州Tcl移动通信有限公司 | Method and system for preventing mobile terminal from being unlocked |
CN106790128A (en) * | 2016-12-27 | 2017-05-31 | 宇龙计算机通信科技(深圳)有限公司 | A kind of resource share method and device |
CN107240157B (en) * | 2017-05-12 | 2020-08-21 | 南京心视窗信息科技有限公司 | Near field communication security control method, mobile terminal and computer readable storage medium |
CN109117625B (en) * | 2017-06-22 | 2020-11-06 | 华为技术有限公司 | Method and device for determining safety state of AI software system |
CN109446847B (en) * | 2017-08-31 | 2022-08-19 | 厦门雅迅网络股份有限公司 | Configuration method of dual-system peripheral resources, terminal equipment and storage medium |
CN107908957B (en) * | 2017-11-03 | 2021-09-17 | 北京邮电大学 | Safe operation management method and system of intelligent terminal |
CN108288004A (en) * | 2017-12-07 | 2018-07-17 | 深圳市中易通安全芯科技有限公司 | A kind of encryption chip is in REE and TEE environmental coexistence system and methods |
EP3835983B1 (en) * | 2018-08-14 | 2023-10-04 | Huawei Technologies Co., Ltd. | Artificial intelligence (ai) processing method and ai processing device |
CN109446815B (en) * | 2018-09-30 | 2020-12-25 | 华为技术有限公司 | Management method and device for basic input/output system firmware and server |
FR3086772B1 (en) * | 2018-10-01 | 2021-11-12 | Stmicroelectronics Grand Ouest Sas | PROCESS FOR MANAGING A DVFS POWER SUPPLY AND CORRESPONDING SYSTEM |
CN109522722A (en) * | 2018-10-17 | 2019-03-26 | 联想(北京)有限公司 | System method and device of safe processing |
CN112528288A (en) | 2019-08-30 | 2021-03-19 | 华为技术有限公司 | Running method of trusted application, information processing and memory allocation method and device |
CN110609799A (en) * | 2019-09-11 | 2019-12-24 | 天津飞腾信息技术有限公司 | Safety protection method for off-chip nonvolatile storage |
CN111148070B (en) * | 2019-12-31 | 2021-06-15 | 华为技术有限公司 | V2X communication method and device and vehicle |
CN111328070B (en) * | 2020-01-21 | 2024-08-23 | 中国银联股份有限公司 | Data processing method, device, equipment and medium |
CN111459869B (en) * | 2020-04-14 | 2022-04-29 | 中国长城科技集团股份有限公司 | Data access method, device, equipment and storage medium |
CN111538995B (en) * | 2020-04-26 | 2021-10-29 | 支付宝(杭州)信息技术有限公司 | Data storage method and device and electronic equipment |
CN112596797A (en) * | 2020-12-23 | 2021-04-02 | 中国长城科技集团股份有限公司 | BIOS setting method, device, system, equipment and storage medium |
CN114239050A (en) * | 2021-11-12 | 2022-03-25 | 希姆通信息技术(上海)有限公司 | Android system key file security storage method and system |
CN114257877A (en) * | 2021-12-02 | 2022-03-29 | 展讯通信(上海)有限公司 | Key deployment and use method and device for broadband digital video protection (HDCP) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101452514A (en) * | 2007-12-06 | 2009-06-10 | 中国长城计算机深圳股份有限公司 | User data protection method for safety computer |
CN102004886A (en) * | 2010-11-15 | 2011-04-06 | 上海安纵信息科技有限公司 | Data anti-leakage method based on operating system virtualization principle |
CN104091135A (en) * | 2014-02-24 | 2014-10-08 | 电子科技大学 | Intelligent terminal safety system and safety storage method |
CN104392188A (en) * | 2014-11-06 | 2015-03-04 | 三星电子(中国)研发中心 | Security data storage method and system |
CN104765612A (en) * | 2015-04-10 | 2015-07-08 | 武汉天喻信息产业股份有限公司 | System and method for having access to credible execution environment and credible application |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004046924A1 (en) * | 2002-11-18 | 2004-06-03 | Arm Limited | Processor switching between secure and non-secure modes |
US8375221B1 (en) * | 2011-07-29 | 2013-02-12 | Microsoft Corporation | Firmware-based trusted platform module for arm processor architectures and trustzone security extensions |
- 2015-11-10 CN CN201510760585.1A patent/CN105447406B/en active Active
Non-Patent Citations (1)
Title |
---|
"Building a Secure System using TrustZone Technology"; ARM Limited; ARM Security Technology; 2009-04-30; main text, pp. 2-1 to 6-16 * |
Also Published As
Publication number | Publication date |
---|---|
CN105447406A (en) | 2016-03-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105447406B (en) | A kind of method and apparatus for accessing memory space | |
CN107533609B (en) | System, device and method for controlling multiple trusted execution environments in a system | |
CN109766165B (en) | Memory access control method and device, memory controller and computer system | |
US7313705B2 (en) | Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory | |
CN106534148B (en) | Access control method and device for application | |
CN104318176B (en) | Data management method and device for terminal and terminal | |
US10897359B2 (en) | Controlled storage device access | |
US20130298205A1 (en) | Architecture for virtual security module | |
CN103827881A (en) | Method and system for dynamic platform security in a device operating system | |
US20120137372A1 (en) | Apparatus and method for protecting confidential information of mobile terminal | |
US10713381B2 (en) | Method and apparatus for securely calling fingerprint information, and mobile terminal | |
US20090064273A1 (en) | Methods and systems for secure data entry and maintenance | |
WO2015117523A1 (en) | Access control method and device | |
US20170201528A1 (en) | Method for providing trusted service based on secure area and apparatus using the same | |
EP3866385A1 (en) | Capability exposure method and device | |
CN111245620B (en) | Mobile security application architecture in terminal and construction method thereof | |
CN104955043B (en) | A kind of intelligent terminal security protection system | |
CN110352411B (en) | Method and apparatus for controlling access to secure computing resources | |
CN114600102A (en) | Apparatus and method for protecting shared objects | |
WO2022100247A1 (en) | Method for switching execution environment and related device | |
CN112363800B (en) | Network card memory access method, security processor, network card and electronic equipment | |
CN104866761B (en) | A kind of high security Android intelligent terminal | |
CN111209561B (en) | Application calling method and device of terminal equipment and terminal equipment | |
CN116226870B (en) | Security enhancement system and method | |
CN114580005B (en) | Data access method, computer device and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |